We present the design and evaluation of TVA, a network architecture that limits the impact of Denial of Service (DoS) floods from the outset. Our work builds on earlier work on capabilities in which senders obtain short-term authorizations from receivers that they stamp on their packets. We address the full range of possible attacks against communication between pairs of hosts, including spoofed packet floods, network and host bottlenecks, and router state exhaustion. We use simulation to show that attack traffic can only degrade legitimate traffic to a limited extent, significantly outperforming previously proposed DoS solutions. We use a modified Linux kernel implementation to argue that our design can run on gigabit links using only inexpensive off-the-shelf hardware. Our design is also suitable for transition into practice, providing incremental benefit for incremental deployment.